IPSec DMVPN Help
Hi everybody. We want to use IPSec DMVPN topology. We use OSPF protocol and we wonder how many Spoke routers can we add to the system ? Is ıt 250, 300 or 1000 ? Actually we want to use this topology over 2 dual Hub and more than 900 Spokes. Which routing protocol do you suggest? For adding LAN side and tunnel interfaces we will use OSPF. For WAN side it will be static route. Do you suggest BGP? Also, we will use different company devices so it is really complicated. Thank you so much. I am waiting for your help.
Also, we want to use 3G back up links between routers over another tunnel interfaces.
Also, we want to use 3G back up links between routers over another tunnel interfaces.
Comments
-
shodown Member Posts: 2,271Hmm
Is there a reason for choosing DMVPN?
What is your current Wan transport?
How many sites?Currently Reading
CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related -
RouteMyPacket Member Posts: 1,104First off, let us know the router models you have chosen for the Hubs as that will determine scalability. Typically the 3900's are good but the new 4400's are where it's at now, look into iWAN as well with these 4400's. I dare say you might be looking at going with an ASR because of the number of spokes you have
http://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/datasheet-c78-732542.html
OSPF over the tunnels is no problem as well as leveraging 3g as a failoverModularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the
middle of the night because of a network problem and had to figure out the
traffic flows in your network while you were half asleep, could you do it? -
Kelkin Member Posts: 261 ■■■□□□□□□□Actually with that many spokes.. I dont think I would go with OSPF.. Best practices with OSPF is limiting to 50 routers in an area.. and how Dynamic DMVPN can be it could generate alot of LSA traffic when links flap... Per Cisco the preferred routing protocol for DMVPN is EIGRP..
Dynamic Multipoint VPN (DMVPN) Design Guide (Version 1.1) - DMVPN Design and Implementation [Design Zone for IPv6] - Cisco
But again my working with DMVPN is limited.. only used it for a handful of sites.. -
gorebrush Member Posts: 2,743 ■■■■■■■□□□Yeah OSPF is going to be a problem over that many links. A topology change could be lethal.
EIGRP is the recommended solution, for sure, but if you *already* have OSPF - then redesigning a big network could be a problem... -
albatrow Registered Users Posts: 2 ■□□□□□□□□□The WAN transport is over metro ethernet.
The firm wants to use that DMVPN system actually, it will be made ultimately.
The manager thinks to choose Cisco 2921 series router with VPN ISM for Hub and Cisco 1921 for Spokes. We also think to choose Cisco 2951 or 3900 series router for Hub. System has not started to be established yet, we are designing the topology now.
Thank you so much for your answers. I will tell you the final decision. -
powmia Users Awaiting Email Confirmation Posts: 322EIGRP or BGP are the most scalable.
If you prefer OSPF, the 50 router limit is 100% absolutely completely bogus. That is a design recommendation from 15 years ago and was purely based on existing router mem and cpu... You can push OSPF almost as far as EIGRP if you use point-to-multipoint, and set it up as a mesh-group (database-filter all out) with only defaults sent to the spokes. The decision at that point, is what phase you require for your DMVPN. If you want spoke-to-spoke traffic, you can´t modify next-hops from other spokes; which means you need OSPF of network-type broadcast (which doesnt scale so big). If you dont and wont ever need spoke-to-spoke tunnels, OSPF can suit you just fine, otherwise look at EIGRP or iBGP w/ RRs. -
bermovick Member Posts: 1,135 ■■■■□□□□□□Dmvpn phase 3 should let you just do a default-information originate to the spokes and let NHRP handle the resolution for spoke-to-spoke traffic, shouldn't it? In that case, you could avoid having to do the broadcast network type to help with scalability issues.Latest Completed: CISSP
Current goal: Dunno